Optus commissions independent review into hack

Optus has hired consultancy Deloitte to carry out an external review of the breach that exposed the personal data of almost 10 million customers and has embroiled the telecommunications giant in a brawl with the federal government.

The company announced the review on Monday, after taking out ads over the weekend to apologise for the hack, which included driver’s licence, passport and Medicare numbers as well as names, addresses and emails. The review will look at Optus’ cybersecurity systems, controls, processes and circumstances surrounding the theft.

The hack at the country’s second-biggest telco means the personal details of as many as 9.8 million Australian customers are no longer secure.Credit:Fairfax Media

In a statement, the company said the review was recommended by Optus chief executive Kelly Bayer Rosmarin and supported by the board of Optus’ parent company, the Singaporean telecommunications conglomerate Singtel.

“We’re deeply sorry that this has happened and we recognise the significant concern it has caused many people,” Bayer Rosmarin said. “While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong.”

Cybersecurity experts and the Minister for Home Affairs, Clare O’Neil, have both said the hack was “quite basic”. In the experts’ view, a gateway to Optus’ customer database was left largely unsecured, resulting in its systems simply sending the hacker requested data.

O’Neil, who is also cybersecurity minister, and government services minister both criticised Optus on Sunday for failing to tell the government exactly who has had what information taken.

Bayer Rosmarin said the review would help Optus understand how the hack happened and what could be done to stop it occurring.

“It will help inform the response to the incident for Optus. This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists.

“I am committed to rebuilding trust with our customers and this important process will assist those efforts,” she said.

More to come.

Most Viewed in Technology

Source: Read Full Article